You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Hjt Log - Tfazio

I'm a new member in the forum and for a while now I've been having trouble with a CWS variant - CoolWWWSearch.HomeSearch. My computer is running XP with Norton Internet Security and I have added Ad-Aware and SpyBot since the infection. SpyBot will detect the problem but is unable to clean it. I'm not sure, but I think the infection may also have affected software such as iTunes, which mysteriously stopped working without any upgrade or change. At any rate, I've posted a HiJack this log of my computer below. Any help is appreciated as my efforts have only resulted in frustration. Thanks!

1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

Thanks for the quick response. I followed your instructions. CWShredder did not detect anything. Ewido did find a number of infections. The ewido log follows after which is a new HJT log. Thanks again for your help.

That's odd since I know I posted it. Is there a limit to the length of a post? I noticed that the last part of the ewido scan is also missing. At any rate, below is the rest of the ewido scan report and the HJT log. Thanks!

1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was _____________________

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\iepa.exe _____________________

Please Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)_____________________

Then go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder._____________________

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK._____________________

I followed your instructions but unfortunately I think the problem is still there. Killbox couldn't find the iepa.exe file to delete. It shows up in the new HJT log but I am unable to find it in the Windows directory even when showing hidden and system files. Also as you can see, the IE start page was reset by the virus when I booted back to normal mode. What's next to try?

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.